Tolerate a Certificate using a non-supported group on server side

[openssl.git] / test / recipes / 80-test_ca.t

diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t
index 8e01d5f2a8fc56a5c8a2b312f4d89a480525de41..557777e191aa2c70e7b57bf658fe12e563493504 100644 (file)
--- a/test/recipes/80-test_ca.t
+++ b/test/recipes/80-test_ca.t
@@ -13,6 +13,7 @@ use warnings;
 use POSIX;
 use File::Path 2.00 qw/rmtree/;
 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/;
+use OpenSSL::Test::Utils;
 
 setup("test_ca");
 
@@ -22,30 +23,37 @@ my $std_openssl_cnf =
 
 rmtree("demoCA", { safe => 0 });
 
-plan tests => 4;
+plan tests => 5;
  SKIP: {
-     $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "CAss.cnf");
-     skip "failed creating CA structure", 3
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
+     skip "failed creating CA structure", 4
         if !ok(run(perlapp(["CA.pl","-newca"], stdin => undef)),
                'creating CA structure');
 
-     $ENV{OPENSSL_CONFIG} = "-config ".srctop_file("test", "Uss.cnf");
-     skip "failed creating new certificate request", 2
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
+     skip "failed creating new certificate request", 3
         if !ok(run(perlapp(["CA.pl","-newreq"])),
-               'creating CA structure');
+               'creating certificate request');
 
-     $ENV{OPENSSL_CONFIG} = "-config ".$std_openssl_cnf;
-     skip "failed to sign certificate request", 1
+     $ENV{OPENSSL_CONFIG} = '-rand_serial -config "'.$std_openssl_cnf.'"';
+     skip "failed to sign certificate request", 2
         if !is(yes(cmdstr(perlapp(["CA.pl", "-sign"]))), 0,
                'signing certificate request');
 
      ok(run(perlapp(["CA.pl", "-verify", "newcert.pem"])),
-       'verifying new certificate');
+        'verifying new certificate');
+
+     skip "CT not configured, can't use -precert", 1
+         if disabled("ct");
+
+     $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "Uss.cnf").'"';
+     ok(run(perlapp(["CA.pl", "-precert"], stderr => undef)),
+        'creating new pre-certificate');
 }
 
 
 rmtree("demoCA", { safe => 0 });
-unlink "newcert.pem", "newreq.pem";
+unlink "newcert.pem", "newreq.pem", "newkey.pem";
 
 
 sub yes {